Friday, January 15, 2010

Support for Google Apps for Domains issued OpenIDs. This required special work since Google has their own flavor of OpenID discovery that had to be supported until something like Google’s scenario gets standardized.

Identifier discovery extensibility (this is how Google Apps support was enabled, but the extensibility is exposed for others as well – but use with caution!)

New SSO web-ring samples added, so organizations looking to use OpenID for their SSO solution can see how it might be done.

Minor bug fixes.

Please note that this is the first version to have statistical reporting enabled by default, which reports feature usage statistics and the URL of the site hosting the library to the library authors. To opt out of this feature, add this to your web.config file:

<dotNetOpenAuth>
    <reporting enabled="false" />
</dotNetOpenAuth>

The details included in the reports may be selectively turned on or off as well, if you are willing to contribute statistics but don't want the URL to your web site exposed, for example. More information can be found in my follow-up post: DotNetOpenAuth’s “call home” reporting.
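An added example, not part of the original post or of the DotNetOpenAuth project: a small Python audit that classifies web.config contents by whether the opt-out shown above is present, so deployments that would still report their site URL can be found. The sample configs are constructed, the function names are hypothetical, and treating `enabled` as a case-insensitive boolean is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config contents, not taken from any real site.
SAMPLES = {
    "opted_out": '<configuration><dotNetOpenAuth><reporting enabled="false" /></dotNetOpenAuth></configuration>',
    "explicit_on": '<configuration><dotNetOpenAuth><reporting enabled="true" /></dotNetOpenAuth></configuration>',
    "no_reporting_element": '<configuration><dotNetOpenAuth><openid /></dotNetOpenAuth></configuration>',
    "no_section": '<configuration><system.web /></configuration>',
    "truncated": '<configuration><dotNetOpenAuth>',
}


def local_name(tag):
    """Drop an XML namespace prefix such as '{uri}reporting'."""
    return tag.rsplit("}", 1)[-1]


def reporting_status(config_xml):
    """Classify one web.config: disabled, enabled-explicit, enabled-default or unparseable."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return "unparseable"  # cannot prove the opt-out is present
    for section in root.iter():
        if local_name(section.tag) != "dotNetOpenAuth":
            continue
        for child in section:
            if local_name(child.tag) == "reporting":
                value = child.get("enabled")
                if value is None:
                    return "enabled-default"
                # Assumption: the attribute is read as a case-insensitive boolean.
                return "disabled" if value.strip().lower() == "false" else "enabled-explicit"
    # No <reporting> element found: the default described in the post applies.
    return "enabled-default"


def audit(configs):
    """Map each config name to its status; anything but 'disabled' may report."""
    return {name: reporting_status(xml) for name, xml in configs.items()}


if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name:22} {status}")
```

To audit real deployments, pass `audit` a dictionary of file names to file contents read from each site's web.config.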

11 comments:

One thing I have been trying to get is a website that functions both as an OpenID provider and relying party. I see in 3.4 there are samples for the two separately, and I have attempted to merge the two code bases and configs etc. into a single website to no avail.

Is what I am attempting even possible? Or does OpenID, by its very nature, require providers and relying parties to be cleanly separated?

As to why I want to do this, it is to allow standard username / password when the website is launched (i.e. it will use OpenID but be restricted to itself as the provider), but with flexibility to broaden the provider list later depending on website takeup.

Hi mjwills, A site can certainly be an RP and OP at once. And DotNetOpenAuth doesn't do anything to stop you, although as you say, there are no samples of it doing this. Please send details to dotnetopenid@googlegroups.com for more help.

It seems that the DotNetOpenAuth.resources under the sr is only delay signed. It has been this way since this assembly has been added.

You can make a little experiment by trying to install the assembly into the GAC. You will get: Failure adding assembly to the cache: Strong name signature could not be verified. Was the assembly built delay-signed?

I opened an issue for it in the DotNetOpenAuth trac (171).

Am I missing something? Do I need to do something on my end? I searched the wiki but couldn't find anything.

Andrew.. I am enjoying the dotnetopenauth work quite a bit and I think as for google and yahoo I have it licked.

Now .. the question, facebook claims to be an openid vendor.. the rich user interaction one can glean from facebook connect is of interest to me. Any guidance out there on a facebook implementation using .net. I think the key issue is the wiring up of the post-authorize call back.. or so it seems to me...

I can make it work with regular google accounts with this url: "https://www.google.com/accounts/o8/id"

But no success with google education. I use this URL: "https://www.google.com/accounts/o8/site-xrds?hd=school.tzafonet.org.il"

But I keep getting AuthenticationStatus.Failed with an exception: "The X.509 certificate used to sign this document is not trusted. The revocation function was unable to check revocation for the certificate., The revocation function was unable to check revocation because the revocation server was offline."